HackDig : Dig high-quality web security articles for hacker

Google has released today the September edition of the Android Security Bulletin, which, starting this month, features a new three-level patching string system that is extremely confusing, even for Android professionals.

The "Android security patch level" string is a setting in the phone's "About" section that tells you the date of the last security update your phone received.

Google introduced this string when it started delivering scheduled monthly updates last August.

In May 2016, the company renamed the Nexus Security Bulletin to the Android Security Bulletin to reflect that some of the fixes addressed all Android devices, not just its own.

In July 2015, the company split the bulletin in two, with one section addressing security fixes in core Android files while the second containing fixes in device-specific drivers and components. As such, the bulletin featured, for the first time, two security patch levels.

September security bulletin fixes 54 security issues

For this month, lo and behold, the Android Security Bulletin now has three security patch levels that for sure will confuse users.

There's the "2016-09-01" security patch level that includes core security updates for the Android OS.

There's the "2016-09-05" security patch level indicating that a device has received security updates for core files and device-specific drivers.

And there's "2016-09-06," which indicates the phone includes security updates for core files, device-specific drivers, and... we don't know. For this month, the third security patch level includes two bug fixes, one for a critical update for an Android core-related issue, and for a Qualcomm networking component. Doesn't really make sense that much.

Remember, this was the same company that was cited saying it would start shaming OEMs for failing to implement security fixes. Well, Google isn't making their life easier.

Below is the screenshot of an Android device's security patch level string, and all the security fixes included in this month's security bulletin.